Method and device for terminal device management based on right control

ABSTRACT

A method and a device for terminal device management based on right control are provided. The method includes the following steps. A Get command on an access control list (ACL) of a managed node in a device management tree (DMT) from a device management (DM) server is received, where the Get command includes a Unified Resource Identity (URI) of the managed node. It is determined whether the DM server has a direct right of executing the Get command on the managed node. The Get command is processed when it is determined that the DM server has the direct right of executing the Get command on the managed node. The method and the device simplify the complexity of right management, and reduce the number of times of message interaction between the DM server and a terminal device, thereby improving the efficiency and performance of terminal device management.

CROSS-REFERENCE TO RELATED APPLICATIONS

This is continuation of U.S. patent application Ser. No. 16/742,550 filed on Jan. 14, 2020, which is continuation of U.S. patent application Ser. No. 14/933,963, filed on Nov. 5, 2105, which is a continuation of U.S. patent application Ser. No. 13/086,772, filed on Apr. 14, 2011, now U.S. Pat. No. 9,215,148, which is a continuation of International Application No. PCT/CN2009/074432, filed on Oct. 14, 2009, which claims priority to Chinese Patent Application No. 200810224254.6, filed on Oct. 14, 2008. All of the afore-mentioned patent applications are hereby incorporated by reference in their entireties.

FIELD OF THE INVENTION

The present invention relates to the field of device management (DM), and more particularly, to a method and a device for terminal device management based on right control.

BACKGROUND OF THE INVENTION

Currently, with the increase of the complexity of the terminal device and growth of services, demands of managing and configuring a terminal device in a manner of Over The Air (OTA) are increasingly urgent. To manage a terminal device in the manner of OTA with security, the Open Mobile Alliance (OMA) developed a DM protocol. The terminal device supporting the OMA DM service function generally has a DM client, responsible for performing operations such as OMA DM protocol parsing, session management, and session security. Meanwhile, the terminal device supporting the OMA DM service function generally further includes a device management tree (DMT). The DMT organizes all available management objects in the terminal device together, and each node in the DMT has a unique Unified Resource Identity (URI) for being located.

FIG. 1 is a schematic structural diagram of a DMT. As shown in FIG. 1, the summit is a root node of the DMT, the root node includes child nodes (internal nodes or leaf nodes), and each internal node may further include child nodes. The node of a higher level that the child nodes are subordinate to is referred to as a parent node. On the basis of the DMT as shown in FIG. 1, a DM server sends related management commands such as Get, Add, Replace, Delete, and Exec to the nodes of the DMT through the OMA DM protocol, and the terminal device is managed through operations on the DMT (except a part of interactive commands).

In a solution of the prior art, each node on the DMT includes a property value of an access control list (ACL). The ACL is used to control an operation right of the DM server for each node, and specifies the DM commands that a certain DM server can execute on a target node. The ACL may be inherited, and a specific inheritance method is as follows: When a property value of an ACL of a certain node is empty, an ACL of its parent node is searched. If the ACL of the parent node is also empty, a grandparent node of the target node is searched, and so forth, until an ACL which is not empty is found, and the ACL which is not empty is inherited.

When the DM server needs to visit or operate a property or value of a certain node, if an ACL of the target node is not endowed with a right corresponding to the server, a value of the ACL of the target node must be firstly replaced to endow the DM server with a corresponding operation right; and then the DM server is enabled to perform a corresponding visit or operation. In the prior art, to replace an ACL of a target node, the DM server must have a Replace right of the node or its parent node. If the DM server has the Replace right of the target node or its parent node, the ACL is directly replaced. If the DM server does not have the Replace right of the target node or its parent node, it is searched whether the DM server has a Replace right of a grandparent node of the target node. If the DM server has a Replace right of a grandparent node of the target node, the value of the ACL of the parent node is firstly replaced so that the DM server acquires the Replace right, then the ACL of the target node is replaced, and the process that the ACL of the target node is replaced is carried out level-by-level accordingly.

In the implementation of the present invention, the inventor found at least the following defects in the solution of the prior art. If the DMT has multi-level rights, to get a node management right, the DM server gets an ACL of an entire subtree, and the ACL of the entire subtree includes a great deal of useless information; or the DM server sends a plurality of Get commands, one Get command only gets an ACL of one node, an ACL of a corresponding node is replaced level-by-level, and the plurality of Get commands causes complex interactions and a large number of messages. In this manner, the number of times of message interaction between the DM server and the terminal device is increased, pressure is caused on processing capabilities of the DM server and the terminal device as well as on network transmission, and the efficiency and performance of terminal device management are reduced.

SUMMARY OF THE INVENTION

Embodiments of the present invention provide a method and a device for terminal device management based on right control, so as to simplify right management, reduce the number of times of message interaction between a DM server and a terminal device, reduce the pressure on the DM server and the terminal device as well as the pressure on network transmission, and improve the efficiency and performance of terminal device management.

An embodiment of the present invention provides a method for getting an access control list (ACL) based on right control, where the method includes the following steps.

A Get command, sent from a DM server, for an ACL of a managed node in a DMT is received.

It is determined whether the DM server has a direct right of executing the Get command on the managed node.

The Get command is processed when it is determined that the DM server has the direct right of executing the Get command on the managed node.

An embodiment of the present invention provides a method for replacing an ACL based on right control, where the method includes the following steps.

A Replace command, sent from a DM server, for the ACL of a managed node in a DMT is received.

It is determined whether the DM server has a direct or indirect Replace right of executing the Replace command on the managed node.

The Replace command is processed when it is determined that the DM server has the direct or indirect Replace right.

An embodiment of the present invention provides a device for terminal device management based on right control, where the device includes a management command receiving unit, a direct right judging unit, an indirect right judging unit, and a management command processing unit.

The management command receiving unit is configured to receive, from a DM server, a management command on a managed node in a DMT.

The direct right judging unit is configured to judge whether the DM server has a direct right of executing the management command on the managed node.

The indirect right judging unit is configured to judge whether the DM server has an indirect right of executing the management command on the managed node.

The management command processing unit is configured to process the management command, when the direct right judging unit determines that the DM server has the direct right or the indirect right judging unit determines that the DM server has the indirect right.

An embodiment of the present invention provides a system for terminal device management based on right control, where the system includes a DM server and a terminal device.

The DM server is configured to send a management command to the terminal device.

The terminal device is configured to receive, from a DM server, the management command on a managed node in a DMT; judge whether the DM server has a direct or indirect right of executing the management command on the managed node; and if the DM server has a direct right or indirect right of executing the management command on the managed node, process the management command.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic structural diagram of a DMT in the prior art;

FIG. 2 is a schematic flow chart of a method for terminal device management based on right control according to a first embodiment of the present invention;

FIG. 3 is a schematic flow chart of a method for getting an ACL based on right control according to a second embodiment of the present invention;

FIG. 4 is a schematic flow chart of a method for replacing an ACL based on right control according to a third embodiment of the present invention;

FIG. 5 is a schematic flow chart that a DM server gets a value of an ACL of a target node in a DMT according to a fourth embodiment of the present invention;

FIG. 6 is a schematic flow chart that a DM server replaces a value of an ACL of a target node according to a fifth embodiment of the present invention;

FIG. 7 is a schematic flow chart that a DM server executes a management command on a target node according to a sixth embodiment of the present invention;

FIG. 8 is a schematic structural diagram of a system according to a seventh embodiment of the present invention; and

FIG. 9 is a schematic structural diagram of a device for terminal device management based on right control according to an eighth embodiment of the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

Specific embodiments of the present invention are illustrated below with reference to the accompanying drawings. In the following descriptions, all nodes between a certain node to a root node in a terminal DMT may be referred to as ancestor nodes (including the root node) of the node. FIG. 2 is a schematic flow chart of a method for terminal device management based on right control according to a first embodiment of the present invention. As shown in FIG. 2, the method includes the following steps.

In step 21, a management command, from a DM server, for a target node in a DMT is received.

Specifically, when the DM server needs to execute a certain DM command on a target node in the DMT of a terminal device, the DM server sends the management command carrying a URI of the target node to the terminal device, and a particular functional module in the terminal device receives the management commands. The management commands may include Add, Delete, Replace, Get, and Exec.

In step 22, it is judged whether the DM server has a direct right of executing a management command on the target node.

Specifically, the terminal device may judge according to a value of an ACL of the target node whether the DM server has a direct right of executing the management command on the target node. The direct right mentioned here refers to the value of the ACL of the target node is utilized to directly judge whether the DM server has a corresponding right of executing the management command on the target node. For example, the terminal device may firstly get the value of the ACL of the target node; then it is judged whether the gotten value of the ACL includes a corresponding item of the management command, and whether the corresponding item includes an identifier of the DM server; and if the gotten value of the ACL includes a corresponding item of the management command, and the corresponding item includes the identifier of the DM server, it is determined that the DM server has the direct right of executing the management command on the target node, and then the management command can be directly processed; if the gotten value of the ACL does not include a corresponding item of the management command, or the corresponding item does not include the identifier of the DM server, the judgment in step 23 is performed subsequently.

The getting the value of the ACL of the target node is specifically as follows: If a property value of the ACL of the target node itself is not empty, the property value of the ACL of the target node is gotten. If the property value of the ACL of the target node itself is empty, the looking-for process begins from the target node to its ancestor nodes, and a property value of an ACL of an ancestor node closest to the target node and the property value of the ACL of which is not empty is gotten as the value of the ACL of the target node. In other words, the gotten value of the ACL of the target node can be inherited from a value of an ACL of an ancestor node.

In step 23, it is judged whether the DM server has an indirect right of executing the management command on the target node.

Specifically, a right speculation manner is utilized to judge whether the DM server has an indirect right of executing the management command on the target node. The indirect right mentioned here refers to a speculation manner is utilized to indirectly judge whether the DM server has a corresponding right of executing the management command on the target node. The specific speculation manners vary with different nodes on which speculation is performed. For example, it is judged whether the DM server has a Replace right for a certain node between the target node and a root node of the DMT; and if the DM server has the Replace right for a certain node between the target node and a root node of the DMT, it is determined that the DM server has the indirect right of executing the management command on the target node.

The judging method may be as follows: It is judged level-by-level from the target node to the root node of the DMT whether a node, a Replace item in a value of an ACL of which includes an identifier of the DM server, exists. If the node, the Replace item in the value of the ACL of which includes the identifier of the DM server exists, it is determined that the DM server has the Replace right for the node between the target node and the root node of the DMT. The node refers to a node, the Replace item in the value of the ACL of which includes the identifier of the DM server. Then, step 24 is performed subsequently; if the node, the Replace item in the value of the ACL of which includes the identifier of the DM server, does not exist, step 25 is performed.

In step 24, it is determined that the DM server has the indirect right of executing the management command on the target node, and the management command is processed.

The processing the management command is that the terminal device executes a corresponding operation such as Add, Delete, Replace, Get, and Exec according to the management command sent by the DM server.

In step 25, it is determined that the DM server does not have the indirect right of executing the management command on the target node, and an error is returned.

By implementing the technical solution, the capability of right speculation of the terminal device is enhanced. In other words, the terminal device is enabled to judge according to the indirect right whether a corresponding process can be performed, and the DM server does not need to replace a right level-by-level, so as to simplify the complexity of right management, and reduce the number of times of message interaction between the DM server and the terminal device, thereby improving the efficiency and performance of terminal device management.

A second embodiment of the present invention further provides a method for getting an ACL based on right control. FIG. 3 is a schematic flow chart of the method for getting the ACL based on right control. The getting method includes the following steps.

In step 31, a Get command, from a DM server, for an ACL of a target node in a DMT is received.

Specifically, when the DM server needs to execute the Get command on the ACL of the target node in the DMT of a terminal device, the DM server sends the Get command on the ACL to the terminal device. A particular functional module in the terminal device receives the Get command on the ACL.

In step 32, it is judged whether the DM server has a direct right of executing the Get command on the ACL of the target node.

Specifically, the terminal device may judge according to a value of an ACL of the target node whether the DM server has the direct right of executing the Get command on the ACL of the target node. For example, firstly the value of the ACL of the target node is gotten; it is judged whether a Get item in the gotten value of the ACL includes an identifier of the DM server; and if the Get item in the gotten value of the ACL includes the identifier of the DM server, it is determined that the DM server has the direct right of executing the Get command on the ACL of the target node, and then the Get command on the ACL is directly processed; if the Get item in the gotten value of the ACL does not include the identifier of the DM server, the judgment in step 33 is performed subsequently.

In step 33, it is judged whether the DM server has an indirect right of executing the Get command of the target node.

Specifically, in the step, a right speculation manner is also utilized to judge whether the DM server has the indirect right of executing the Get command on the ACL of the target node. However, the specific speculation manners vary with different speculation items and different nodes on which speculation is performed. For example, it is judged whether the DM server has a Replace right for a certain node between the target node and a root node of the DMT. A specific judging method may include the following steps. It is judged level-by-level from the target node to the root node of the DMT whether a node, a Replace item in a property value of the ACL of which includes an identifier of the DM server, exists. If the node, a Replace item in a property value of the ACL of which includes the identifier of the DM server, exists, it is determined that the DM server has the Replace right for the node between the target node and the root node of the DMT. The node refers to a node, the Replace item in the property value of the ACL of which includes the identifier of the DM server. Hence, it is determined that the DM server has the indirect right of executing the Get command on the target node, and then step 34 is performed; if the node, a Replace item in a property value of the ACL of which includes the identifier of the DM server, does not exist, step 35 is performed.

Besides, by judging whether the DM server has a Get right for a parent node of the target node, it is further determined whether the DM server has the indirect right of executing the Get command on the ACL of the target node. Specifically, it is judged whether the Get item in the value of the ACL of the parent node of the target node includes the identifier of the DM server. If the Get item in the value of the ACL of the parent node of the target node includes the identifier of the DM server, it is determined that the DM server has the Get right for the parent node. Hence, it is determined that the DM server has the indirect right of executing the Get command on the target node, and then step 34 is performed; if the Get item in the value of the ACL of the parent node of the target node does not include the identifier of the DM server, step 35 is performed. The judging manner makes the judging process more concise, which can be accomplished in only one step, and the judging process is more flexible.

Moreover, if a Replace item is adopted as a speculation item, it is further directly judged whether the Replace item in the value of the ACL of the parent node of the target node includes the identifier of the DM server. If the Replace item in the value of the ACL of the parent node of the target node includes the identifier of the DM server, it is determined that the DM server has a Replace right for the parent node. Hence, it is determined that the DM server has the indirect right of executing the Get command on the target node, and then step 34 is performed; if the Replace item in the value of the ACL of the parent node of the target node does not include the identifier of the DM server, step 35 is performed. Likewise, the judging manner also makes the judging process more concise, which can be accomplished in only one step without the need of judging level-by-level, and further simplifies the complexity of right management.

In step 34, it is determined that the DM server has the indirect right of executing the Get command on the ACL of the target node, and the Get command on the ACL is processed.

The processing the Get command on the ACL may be as follows: The terminal device gets the value of the ACL of the target node, and then the gotten value of the ACL is returned to the DM server following execution success status information of the management command. If the target node obtains the gotten value of the ACL by inheriting a value of an ACL of its ancestor node, instruction information needs to be returned at the same time. The instruction information is used to demonstrate that the gotten value of the ACL is inherited.

In step 35, it is determined that the DM server does not have the indirect right of executing the Get command on the ACL of the target node, and an error is returned.

Likewise, by implementing the technical solution, the capability of right speculation of the terminal device is enhanced, the complexity of right management is simplified, and the number of times of message interaction between the DM server and the terminal device is reduced, thereby improving the efficiency and performance of terminal device management. Meanwhile, by implementing the technical solution, in a case of not having the direct Get right of an ACL of a child node, the DM server can still get the ACL of the child node through right speculation, so that before replacing the ACL of the child node, the DM server firstly learns an original value of the ACL of the child node, and operates on the basis of the original value of the ACL, so as to manage the right more appropriately.
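The right check of steps 22 to 25 and the ACL Get of steps 31 to 35 (inheritance of an empty ACL, the direct check, and the level-by-level Replace speculation), as an added Python example that is not code from the patent. It assumes an ACL value can be modelled as a mapping from command name to a set of server identifiers; the tree, the server names and all class and function names are constructed for illustration.

```python
from typing import Dict, Optional, Set, Tuple

# Assumption: an ACL value is modelled as {command: {server identifiers}}.
ACL = Dict[str, Set[str]]


class Node:
    """One DMT node; an empty acl dict stands for an empty ACL property."""

    def __init__(self, name: str, parent: Optional["Node"] = None,
                 acl: Optional[ACL] = None):
        self.name, self.parent, self.acl = name, parent, acl or {}

    def add(self, name: str, acl: Optional[ACL] = None) -> "Node":
        return Node(name, self, acl)


def effective_acl(node: Node) -> Tuple[ACL, bool]:
    """Own ACL, or the closest non-empty ancestor ACL; flag says 'inherited'."""
    cur: Optional[Node] = node
    while cur is not None:
        if cur.acl:
            return cur.acl, cur is not node
        cur = cur.parent
    return {}, False


def has_direct_right(node: Node, server: str, command: str) -> bool:
    """Step 22/32: the command's item in the gotten ACL names the server."""
    acl, _ = effective_acl(node)
    return server in acl.get(command, set())


def implied_controllers(node: Node) -> Set[str]:
    """Servers named in a Replace item on any level from target to root.

    Each of them passes the indirect check for every command on `node`,
    so this set is what an ACL review of the subtree has to account for.
    """
    servers: Set[str] = set()
    cur: Optional[Node] = node
    while cur is not None:
        servers |= cur.acl.get("Replace", set())
        cur = cur.parent
    return servers


def has_indirect_right(node: Node, server: str) -> bool:
    """Step 23/33: level-by-level search for a Replace item naming the server."""
    return server in implied_controllers(node)


def authorize(node: Node, server: str, command: str) -> Optional[str]:
    """Steps 22-25: 'direct', 'indirect', or None (an error is returned)."""
    if has_direct_right(node, server, command):
        return "direct"
    if has_indirect_right(node, server):
        return "indirect"
    return None


def get_acl(node: Node, server: str):
    """Steps 31-35: (status, ACL value, inherited indicator)."""
    if authorize(node, server, "Get") is None:
        return "error", None, False
    acl, inherited = effective_acl(node)
    return "ok", acl, inherited


def build_sample_tree() -> Dict[str, Node]:
    """Constructed tree: . -> NodeA -> NodeB -> NodeC."""
    root = Node(".", acl={"Get": {"ServerA"}, "Replace": {"ServerA"}})
    a = root.add("NodeA", {"Get": {"ServerB"}})
    b = a.add("NodeB")                         # empty ACL: inherits NodeA's
    c = b.add("NodeC", {"Exec": {"ServerB"}})  # non-empty ACL stops inheritance
    return {"root": root, "a": a, "b": b, "c": c}


if __name__ == "__main__":
    t = build_sample_tree()
    print(authorize(t["b"], "ServerB", "Get"))   # direct, via NodeA's ACL
    print(authorize(t["c"], "ServerA", "Get"))   # indirect, Replace on root
    print(authorize(t["c"], "ServerB", "Get"))   # None: no Get item, no Replace
    print(get_acl(t["b"], "ServerB"))            # ok, with the inherited flag set
```

Under this rule a Replace item near the root grants every command on the whole subtree beneath it, so `implied_controllers` gives the set of servers to account for when reviewing a DMT's ACLs.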

Further, the Get command on the ACL may include a path of the target node and an instruction for returning the ACL. The instruction for returning the ACL is used for demonstrating whether a property of all the nodes on the path from the target node to the root node is gotten, and the type of the gotten property is the ACL.

In this manner, when the instruction for returning the ACL demonstrates that the ACL property of all the nodes on the path from the target node to the root node needs to be gotten, the terminal device gets the values of the ACLs of all the nodes for which the DM server has the Get right on the path from the target node to the root node, and then returns the gotten values of the ACLs. Further, when a plurality of property values of the target node needs to be gotten, it is firstly judged whether the DM server has a direct right or indirect right of executing the Get command on the target node. If the DM server has the direct right or indirect right of executing the Get command on the target node, the plurality of property values of the target node is gotten, and is returned to the DM server. By adding the capability of getting a certain property of all the nodes or the capability of getting a plurality of properties of one target node on one target node path once, the DM server can get the desired property by performing interaction with the terminal device once only, which effectively reduces the processing pressure on the DM server and the terminal device as well as the pressure on network transmission.

A third embodiment of the present invention further provides a method for replacing an ACL based on right control. FIG. 4 is a schematic flow chart of the method for replacing the ACL based on right control. The replacing method includes the following steps.

In step 41, a Replace command, from a DM server, for an ACL of a target node in a DMT is received.

Specifically, when the DM server needs to execute the Replace command on the ACL of the target node in the DMT of a terminal device, the DM server sends the Replace command on the ACL to the terminal device. A particular functional module in the terminal device receives the Replace command on the ACL.

In step 42, it is judged whether the DM server has a direct right of executing the Replace command on the ACL of the target node.

Specifically, the terminal device may judge whether the DM server has a direct right of executing the Replace command on the ACL of the target node. For example, if the target node is an internal node, a value of the ACL of the target node or its parent node is gotten, and it is judged whether a Replace item in the value of the ACL of the target node or its parent node includes an identifier of the DM server. If the target node is a leaf node, a value of an ACL of a parent node of the target node is gotten, and it is judged whether the Replace item in the value of the ACL of the parent node of the target node includes an identifier of the DM server. If the Replace item in the value of the ACL of the parent node of the target node includes the identifier of the DM server, it is determined that the DM server has the direct right of executing the Replace command on the ACL of the target node, and the Replace command on the ACL is directly processed; if the Replace item in the value of the ACL of the parent node of the target node does not include the identifier of the DM server, the judgment in step 43 is performed subsequently.

In step 43, it is judged whether the DM server has an indirect right of executing the Replace command on the target node.

Specifically, in the step, a right speculation manner is also utilized to judge whether the DM server has the indirect right of executing the Replace command on the ACL of the target node. For example, it is judged whether the DM server has a Replace right for a certain node between the target node and a root node of the DMT. A specific judging method may be as follows: It is judged level-by-level from the target node to the root node of the DMT whether a node, a Replace item in a value of an ACL of which includes an identifier of the DM server, exists. If the node, a Replace item in a value of an ACL of which includes an identifier of the DM server, exists, it is determined that the DM server has a Replace right for the node. Hence, it is determined that the DM server has the indirect right of executing the Replace command on the target node, and then step 44 is performed subsequently; if the node, a Replace item in a value of an ACL of which includes an identifier of the DM server, does not exist, step 45 is performed.

In step 44, it is determined that the DM server has the indirect right of executing the Replace command on the ACL of the target node, and the Replace command on the ACL is processed.

The processing the Replace command on the ACL is that the value of the ACL of the target node is replaced according to the Replace command of the ACL, and then information of successful command execution is returned.

In step 45, it is determined that the DM server does not have the indirect right of executing the Replace command on the ACL of the target node, and an error is returned.

Likewise, by implementing the technical solution, the capability of right speculation of the terminal device is enhanced, the complexity of right management is simplified, and the number of times of message interaction between the DM server and the terminal device is reduced, thereby improving the efficiency and performance of terminal device management.

As operations performed by the DM server on the ACL property of the target node in the DMT generally can be categorized into two types, that is, reading and writing, which are respectively corresponding to the Get command and the Replace command in OMA DM. The following embodiments are described for reading and writing of the value of the ACL and for management of the target node in the DMT respectively.

In a fourth embodiment of the present invention, a DM server gets a value of an ACL of a target node in a DMT.

From the perspective of data structure, the ACL exists as a property of a managed node in a DMT. In the specific implementation, a value of the ACL may exist in the property of the node, or exist at other locations of a non-volatile storage of a terminal device. No matter in which manner the ACL is implemented, its implementation procedure does not change.

Getting an ACL of a certain managed node in the DMT by the DM server is realized by sending a Get command on an ACL property of the managed node. FIG. 5 is a flow chart of processing after receiving the command by the terminal device according to the fourth embodiment of the present invention, which includes the following steps.

In step 51, a Get command on an ACL property of a certain managed node (hereinafter referred to as a target node) in a terminal DMT from a certain DM server is received. The command carries a URI of the target node. Then, step 52 is performed.

In step 52, if the Get command carries an instruction for instructing a terminal device to return ACLs of all nodes (that is, ACLs of the target node, the root node, and all the nodes between the target node and the root node) in the URI of the target node, step 53 is performed; while if the Get command only carries an instruction for getting the ACL property of the target node, step 54 is performed.

The instruction for instructing the terminal device to return the ACLs of all the nodes in the URI of the target node is formed by adding an instruction for returning information of all the nodes in the URI on the basis of an expression for getting the ACL property (consisting of property names of the URI and the ACL of the target node). The method can be used to get a certain property value or a plurality of property values of all nodes with a right in a certain URI. For the ACL, the instruction may be denoted as follows (it is similar in getting other properties):

.\NodeA\NodeB?list=NodesInURI+ACL or .\NodeA\NodeB?prop=ACL&list=URI

In the first expression, a parameter of list=NodesInURI carried after a path denotes that the terminal device needs to return the information of all the nodes in the URI. Following the parameter, a + sign is used to connect a node property (here, an ACL property), to indicate that the information returned by the terminal device is the property value. The combination of the parameter and the property denotes that the terminal device is required to return the property values of all the nodes on the path. In the second expression, a parameter of list=URI carried after a path denotes that the terminal device needs to return all the values in the URI. Following the parameter, another parameter of prop=ACL is carried to indicate that the values returned by the terminal device are the property values. The combination of the two parameters denotes that the terminal device is required to return the property values of all the nodes on the path.

An instruction for getting the ACL property of the target node may be denoted as follows:

.\NodeA\NodeB?prop=ACL

To enable the DM server to get a plurality of properties of the targetnode simultaneously without sending a plurality of Get commands, so asto reduce the message size and the complexity of generating the Getmessage by the DM server, the present invention provides the capabilityof getting a plurality of properties of the target node of the terminaldevice with a single Get command. The specific implementation of thecapability is as follows.

A Get command, sent by the DM server, for getting a property of a certain node in a DMT or all nodes in a certain URI carries an instruction for getting a plurality of property values of the target node. Further, the instruction is carried in a value of a <Target>/<LocURI> element of the Get command as a value of a prop parameter of the URI of the target node, which is described as follows.

A plurality of prop parameters can be used, a value of each prop parameter is a property name of a target node, and a space character (such as “&”) is used to space among the plurality of prop parameters, an example of which is given as follows:

<LocURI>.\NodeA?prop=ACL&prop=Format&prop=Type</LocURI>

Or, a prop parameter can be used, a value of the prop parameter is a plurality of property names of the target node, and one space character (such as “+”) is used among the plurality of property names, an example of which is given as follows:

<LocURI>.\NodeA?prop=ACL+Format+Type</LocURI>

The instruction is used for instructing the terminal device to return a plurality of property values of a node with a Get right to the DM server. After receiving the Get command, the terminal device firstly judges whether the DM server sending the Get command has a Get right for a target node (a judging method is that: a Get item in an ACL of the target node has an identifier of the DM server; and if a gotten property is the ACL, it is further judged whether a Get item in an ACL of a parent node of the target node has the identifier of the DM server). If the Get item has the identifier of the DM server, a plurality of property values of the target node is retrieved, and one or more Results commands are generated to return the plurality of property values. If one Results command is used to return the plurality of property values, each property value is corresponding to an Item (<Item> element) of the Results command. The <Item>/<Source>/<LocURI> is a path and a returned property name of the target node, and <Data> is a property value of the property.

By providing the capability, the DM server is enabled to get one or more properties of the target node through one command, which avoids the phenomenon that the DM server generates a plurality of Get commands for getting a plurality of property values of the target node, reduces the message quantity, and reduces the processing pressure on the DM server as well as the pressure on network transmission.
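The target expressions described above can be parsed on the terminal side as in the following added example, which is not part of the patent text. The function names, the returned dictionary layout and the choice to reject unknown parameters are assumptions made for illustration; the URIs are the ones given above.

```python
# Added illustration: parsing the <Target>/<LocURI> value of a Get command.
# parse_target, nodes_on_path and expand are hypothetical names, not OMA DM APIs.

def parse_target(locuri):
    """Split a LocURI into node path, requested property names and list mode."""
    path, _, query = locuri.partition("?")
    props, all_nodes = [], False
    for param in filter(None, query.split("&")):
        name, sep, value = param.partition("=")
        if not sep or not value:
            raise ValueError("malformed parameter: %r" % param)
        if name == "prop":
            # prop=ACL+Format+Type and prop=ACL&prop=Format&prop=Type are equivalent
            props.extend(value.split("+"))
        elif name == "list":
            # list=NodesInURI+ACL: the property follows the list keyword after '+'
            head, *rest = value.split("+")
            if head not in ("NodesInURI", "URI"):
                raise ValueError("unknown list value: %r" % head)
            all_nodes = True
            props.extend(rest)
        else:
            # Assumption: anything else is rejected rather than silently ignored
            raise ValueError("unknown parameter: %r" % name)
    if any(not p for p in props):
        raise ValueError("empty property name in %r" % locuri)
    props = list(dict.fromkeys(props))  # drop duplicates, keep request order
    return {"path": path, "props": props, "all_nodes": all_nodes}

def nodes_on_path(path):
    """Every node named by the URI, from the root down to the target node."""
    segments = path.split("\\")
    return ["\\".join(segments[:i]) for i in range(1, len(segments) + 1)]

def expand(locuri):
    """List the (node, property) pairs the device must check rights for."""
    target = parse_target(locuri)
    nodes = nodes_on_path(target["path"]) if target["all_nodes"] else [target["path"]]
    return [(node, prop) for node in nodes for prop in target["props"]]

if __name__ == "__main__":
    for uri in (r".\NodeA\NodeB?prop=ACL",
                r".\NodeA?prop=ACL+Format+Type",
                r".\NodeA\NodeB?list=NodesInURI+ACL"):
        print(uri, "->", expand(uri))
```

Each pair returned by expand is a separate right decision: a single Get command can name several nodes and several properties, and the Get right has to be judged for every one of them before a value is placed in a Results item.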

In step 53, values of ACLs of all nodes for which the DM server has a Get right in the URI specified in the Get command are gotten, and the gotten values of the ACLs are returned after returning a command execution status.

Two methods for judging whether the DM server has the Get right are provided.

Method A: If a Get item in an ACL (including an inheritance value) of a certain node includes the identifier of the DM server, it is determined that the DM server has a Get right for the ACL of the node.

Method B: If the DM server has a Replace right of a certain node among ancestor nodes of the node, in other words, a Replace item in a value of an ACL of the certain node includes the identifier of the DM server, it is determined that the DM server has a Get right for the ACL of the node.

Method A can be used individually to judge; or method A and method B may be combined to judge: Method A is used for judging whether the DM server has a direct Get right, and method B is used for judging in an auxiliary way whether the DM server has an indirect Get right.

A manner of returning the gotten value of the ACL is as follows. An ACL of each node is returned as a plurality of Items of a single Results command, or returned as a plurality of Results commands. If the property value of the ACL of the node is empty, an empty value is returned, or a value of an ACL inherited by the node is returned, and meanwhile it is demonstrated in the returned result that the value is inherited.

In the method, by adding the capability of getting a certain property (such as an ACL) or a plurality of properties of all nodes in one URI, the DM server can get the desired property through interaction once, without the need of getting the desired property individually for each node or getting a certain subtree (a great number of unrelated nodes are carried, and the amount of data is large), which effectively reduces the processing pressure on the DM server and the terminal device as well as the pressure on network transmission.

In step 54, the value of the ACL of the target node is gotten.

If the property value of the ACL of the node is empty, searching begins from the node to an ancestor node, and a property value of an ACL of an ancestor node closest to the node and the value of the ACL of which is not empty is gotten as the value of the ACL of the node (a subsequent related method that the terminal device gets a value of an ACL of a certain managed node in its management tree is the same as this method, and a relation between the value of the ACL and the property value of the ACL is as follows: A value of an ACL of a certain node refers to a value of an ACL having an actual effect on the node; and if the property value of the ACL of the node is not empty, the value is the property value; while if the property value of the ACL of the node is empty, the value is inherited). After the value of the ACL of the target node is gotten, step 55 is performed.

In step 55, it is judged whether the DM server has a direct Get right for the ACL of the target node, and specifically it is judged whether an item (that is, a Get item) corresponding to the Get command on the gotten value of the ACL includes the identifier of the DM server. The identifier of the DM server is used to uniquely identify one DM server, and the identifier exists in a DM account of the terminal device for the DM server, that is, in a DMAcc management object instance of the DMT.

A method for judging whether the identifier of the DM server is included is exemplified as follows. If Get=ServerA+ServerB&Replace=ServerA, a Get item includes identifiers ServerA and ServerB of the DM servers; while if the Get item is Get=*, it is determined the Get item includes any identifier of the DM servers. A similar judgment is described in the following.

If the judging result is that the Get item includes any identifier of the DM servers, it indicates that the DM server has a direct Get right for the ACL of the node, and step 56 is performed; if the judging result is that the Get item does not include any identifier of the DM servers, it indicates that the DM server does not have the direct Get right for the ACL of the node, and step 57 is performed.

In step 56, the DM server has the direct Get right for the ACL of the node, gets the value of the ACL of the node, and returns the value of the ACL of the node after returning a Get command success status to the DM server.

If the property value of the ACL of the node is not empty, the property value of the ACL of the node is returned. If the property value of the ACL of the node is empty, the value of the ACL inherited by the node is returned, and it is demonstrated in a returned result that the value is inherited. A specific demonstration method may be that: an identifier field of “Inheritance:” is added before the value of the ACL. For example, the identifier field is written as: Inheritance:Get=ServerA+ServerB&Replace=ServerA.

In step 57, a speculation node is determined, and a Replace item or Get item in a value of an ACL of the speculation node is used to speculate, so as to judge whether the DM server has an indirect Get right for the ACL of the node.

In accordance with different determined speculation nodes and speculation items, the specific speculation method may be categorized as follows.

1) If the determined speculation node is a parent node of the node, the speculation is as follows. If a Replace item in the value of the ACL of the speculation node includes the identifier of the DM server (that is, the DM server has a Replace right for the speculation node), it is determined that the DM server has an indirect Get right for the ACL of the node, the Get command success status is returned, and then the value of the ACL of the node is returned. If the Replace item in the value of the ACL of the speculation node does not include the identifier of the DM server, the DM server does not have the indirect Get right for the ACL of the node, and a Get failure status is returned.

2) If the determined speculation nodes are ancestor nodes of the node from near to far, the speculation is as follows. Starting from the node, a node, a Replace item in a property value of an ACL of an ancestor node of which includes the identifier of the DM server, is searched. Firstly, a parent node of the node is searched, and then a grandparent node of the node is searched, and so forth, until a node satisfying the condition is found or the root node of the DMT is found. If the node satisfying the condition is found, it is determined that the DM server has the indirect Get right for the ACL of the node, the Get command success status is returned, and then the value of the ACL of the node is returned. If a Replace item in a property value of an ACL of all ancestor nodes does not include the identifier of the DM server, it is determined that the DM server does not have the indirect Get right for the ACL of the node, and the Get failure status is returned.

3) If the Get item is used to speculate, the determined speculation node is a parent node of the node. The speculation method is as follows: If the Get item in the value of the ACL of the speculation node includes the identifier of the DM server, the DM server has the indirect Get right for the ACL of the node, the Get command success status is returned, and then the value of the ACL of the node is returned. If the Get item in the value of the ACL of the speculation node does not include the identifier of the DM server, the DM server does not have the indirect Get right for the ACL of the node, and the Get failure status is returned.

After determining that the DM server has the indirect Get right for the ACL of the node, a specific ACL returning method is categorized into two types.

Type A: No matter whether the property value of the ACL of the node is empty, the property value of the ACL of the node is directly returned (if the property value is empty, a returned value is empty).

Type B: If the property value of the ACL of the node is not empty, the property value of the ACL of the node is returned. If the property value of the ACL of the node is empty, the value of the ACL inherited by the node is returned, and it is demonstrated in a returned result that the value is inherited. A specific demonstration is implemented by carrying instruction information. For example, the identifier field of “Inheritance:” is added before the value of the ACL.

Through an operation of the specific embodiment, a DM server without a Get right for a certain managed node but with a certain right for a parent node or an ancestor node of the managed node can get an ACL property of the managed node, so as to more effectively manage and maintain the ACL, and an adopted right speculation method can guarantee the reasonableness of getting the value of the ACL. When getting the ACL, through an instruction of returning a value inherited by a node (a property value of an ACL of which is empty) inheriting a right and instructing inheritance for the node, the DM server gets a value of an ACL having an actual effect on the node, and further learns that the value is inherited, which reduces the number of times of interactions performed between the DM server and the terminal device to get the value of the ACL by inheritance, and reduces the pressure on network transmission and the processing pressure on the DM server.

In a fifth embodiment of the present invention, a DM server replaces a value of an ACL of a target node.

Based on this embodiment, to execute a certain DM command, such as Add, Delete, Replace, Get, or Copy, on a certain managed node in a DMT of a terminal device, the DM server firstly needs to have a right of executing the management command on the node, and then sends the management command.

For example, if a certain DM server needs to execute a Delete command on a managed node of .\NodeA\NodeB in the DMT to delete the managed node and its child node, it is assumed that a unique identifier of the DM server is ServerA, and if a Delete item in an ACL of the managed node does not have the Server A identifier (if the ACL of the managed node is empty, it is determined that the Delete item in the ACL inherited by the managed node does not have the Server A identifier), before successfully executing the Delete command, the DM server needs to firstly replace the ACL of the managed node, so that the Delete item includes the Server A identifier.

A method that a server replaces a value of an ACL of a certain managed node is described in detail hereinafter. FIG. 6 is a schematic flow chart according to the fifth embodiment of the present invention, which includes the following steps.

In step 61, a Replace command on an ACL property of a certain managed node (hereinafter referred to as a target node) of a DMT from a certain DM server is received, and then step 62 is performed.

In step 62, it is judged whether the DM server has a direct Replace right for the ACL of the target node, which is described as follows. If the target node is an internal node, it is judged whether an item (that is, a Replace item) corresponding to the Replace command on the value of the ACL of the target node or a Replace item in a value of an ACL of a parent node of the target node includes an identifier of the DM server. If the target node is a leaf node, it is only judged whether the Replace item in the value of the ACL of the parent node of the target node includes the identifier of the DM server. If the Replace item in the value of the ACL of the parent node of the target node includes the identifier of the DM server, it indicates that the DM server has a direct Replace right for the ACL of the node, and then step 63 is performed; if the Replace item in the value of the ACL of the parent node of the target node does not include the identifier of the DM server, it indicates that the DM server does not have the direct Replace right for the ACL of the node, and then step 64 is performed to further judge whether the DM server has an indirect Replace right.

In step 63, it is determined that the DM server has the direct Replace right for the ACL of the node, the value of the ACL is replaced according to the received Replace command, and a command execution success status is returned.

In step 64, it is determined that the DM server does not have the direct Replace right for the ACL of the node, a speculation node is determined, and a Replace item in a property value of an ACL of the speculation node is used to speculate, so as to judge whether the DM server has an indirect Replace right for the ACL of the node.

A specific speculation method is that the speculation starts from the target node to its ancestor node, so as to determine whether the DM server has an indirect Replace right. Specifically, starting from the node, a node, a Replace item in a property value of an ACL of an ancestor node of which includes the identifier of the DM server, is searched. Firstly, a parent node of the node is searched, and then a grandparent node of the node is searched, and so forth, until a node satisfying the condition is found or the root node of the DMT is found.

If the node satisfying the condition is found, it is determined that the DM server has the indirect Replace right for the ACL of the target node, then the value of the ACL is replaced according to the received Replace command, and a command success status is returned. If a Replace item in a value of an ACL of the node to the root node of the DMT does not include the identifier of the DM server, it is determined that the DM server does not have a Replace right for the ACL of the node, and a failure status is returned.

After accomplishing the replacement of the right, other properties of the target node (if the target node is the leaf node, a node value is further included) can be replaced subsequently. Further, before replacing the ACL of the target node, in order not to lose existing right information, the DM server can firstly get a current ACL of the target node, then generates a new ACL based on the current ACL, and uses the method according to this embodiment to replace the ACL of the target node. The method for getting the value of the ACL may refer to the description in the fourth embodiment.

By implementing the technical solution of the fifth embodiment, the DM server having a Replace right for an ancestor node of a certain managed node can directly replace an ACL of the managed node, which avoids the trouble of replacing level-by-level, and meanwhile effectively guarantees the reasonableness of replacing the value of the ACL according to right speculation.

In a sixth embodiment of the present invention, a processing procedure that a DM server executes a management command on a target node is described.

Based on this embodiment, the DM server needs to execute a certain DM command on a certain managed node in a DMT of a certain terminal device, such as getting or replacing a property or value of the managed node, or deleting the managed node, or adding a child node to the managed node, or instructing the terminal device to execute one action corresponding to the managed node. At this time, the DM server generates and sends a corresponding management command to the terminal device. After receiving the management command, the terminal device needs to judge whether the DM server has an Exec right for the management command. If the DM server has the Exec right for the management command, the management command is processed, and a success status is returned after the processing completes; if the DM server does not have the Exec right for the management command, the operation is rejected and an error is returned.

A method for processing after receiving, by a terminal device, the management command executed by the DM server on the target node is described in detail hereinafter. FIG. 7 is a schematic flow chart of the method according to the sixth embodiment of the present invention, where the method includes the following steps.

In step 71, a management command, sent by a DM server, for a target node in a DMT is received. The management command may be getting or replacing a property or value of the managed node, or deleting the managed node, or adding a child node to the managed node, or instructing the terminal device to execute an action corresponding to the managed node.

In step 72, the property value of the ACL of the managed node is gotten. If the property value of the ACL of the node is empty, searching begins from the node to an ancestor node, and a property value of an ACL of an ancestor node closest to the node and the value of the ACL of which is not empty is gotten as the value of the ACL of the node. Then, step 73 is performed subsequently.

In step 73, it is judged whether the DM server has a direct right of executing the management command on the target node, and specifically it is judged whether the gotten value of the ACL has an item corresponding to the management command and whether the corresponding item includes an identifier of the DM server. As some DM commands do not allocate a right directly in the ACL, that is, have no direct corresponding item and are embodied through a right allocated by another related DM command in the ACL, the related DM command is the item corresponding to the ACL. For example, an item corresponding to a Get command in the ACL is Get, and items corresponding to a Copy command in the ACL are Add, Get, Replace, and Delete.

If the gotten value of the ACL has the item corresponding to the management command and the corresponding item includes the identifier of the DM server, it indicates that the DM server has the direct right of executing the management command on the managed node, and step 74 is performed subsequently. If the gotten value of the ACL does not have the item corresponding to the management command or the corresponding item does not include the identifier of the DM server, it indicates that the DM server does not have the direct right of executing the management command on the managed node, and step 75 is performed subsequently to judge whether the DM server has an indirect right.

In step 74, the DM server has the direct right of executing the management command on the managed node, the terminal device processes the management command, and a success status is returned after the processing completes.

In step 75, the DM server does not have the direct right of executing the management command on the managed node, a speculation node is determined, and a Replace item in a value of an ACL of the speculation node is used to speculate, so as to judge whether the DM server has the indirect right of executing the management command on the managed node.

A specific speculation method is that the speculation starts from the node to its ancestor node. Specifically, starting from the node, a node, a Replace item in a value of an ACL of an ancestor node of which includes the identifier of the DM server, is searched. Firstly, a parent node of the node is searched, and then a grandparent node of the node is searched, and so forth, until a node satisfying the condition is found or the root node of the DMT is found.

If the node satisfying the condition is found, it is determined that the DM server has the indirect right of executing the management command on the managed node, the terminal device processes the management command, and a success status is returned after the processing completes. If a Replace item in a value of an ACL of the node to the root node of the DMT does not include the identifier of the DM server, it is determined that the DM server does not have the indirect right of executing the management command on the managed node, and a command failure status is returned.

By implementing the technical solution of the sixth embodiment, when a DMT has multi-level rights, the terminal device only needs to judge level-by-level whether the DM server has a Replace right. If the DM server has the Replace right, it is determined that the DM server has an Exec right for a target management command of a target managed node, so as to prevent the DM server from getting and replacing a right level-by-level, thereby reducing the number of times of message interaction between the DM server and the terminal device, reducing the pressure on the DM server and the terminal device as well as the pressure on network transmission, and improving the efficiency and performance of terminal device management.
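The right decision of steps 72 to 75, together with the Get-on-ACL handling of steps 54 to 57 in the fourth embodiment (ancestor speculation on the Replace item, Type B return with the “Inheritance:” field), is shown in the following added example, which is not part of the patent text. The class and function names, the sample tree and the plain "success"/"failure" status strings are assumptions; the item name is taken to equal the command name, so the Copy mapping is not modelled.

```python
# Added illustration of the direct / indirect right decision on a DMT.

class Node:
    """One managed node; acl is the ACL property value ('' means empty)."""
    def __init__(self, name, acl="", parent=None):
        self.name, self.acl, self.parent = name, acl, parent

def parse_acl(value):
    """'Get=ServerA+ServerB&Replace=ServerA' -> {'Get': {...}, 'Replace': {...}}"""
    items = {}
    for part in filter(None, value.split("&")):
        command, _, servers = part.partition("=")
        items[command] = set(filter(None, servers.split("+")))
    return items

def item_includes(acl_value, item, server_id):
    """True if the item lists the server identifier or the '*' wildcard."""
    servers = parse_acl(acl_value).get(item, set())
    return "*" in servers or server_id in servers

def effective_acl(node):
    """Step 72: the node's own ACL, or that of the closest ancestor whose
    ACL is not empty. Returns (value, node that holds the value)."""
    current = node
    while current is not None and not current.acl:
        current = current.parent
    return (current.acl, current) if current is not None else ("", None)

def authorize(node, command, server_id):
    """Steps 73 to 75. Returns (decision, name of the node whose ACL granted it)."""
    value, source = effective_acl(node)
    if item_includes(value, command, server_id):        # step 73: direct right
        return ("direct", source.name)
    ancestor = node.parent                              # step 75: parent, grandparent, ...
    while ancestor is not None:
        value, source = effective_acl(ancestor)
        if item_includes(value, "Replace", server_id):
            return ("indirect", source.name)
        ancestor = ancestor.parent
    return ("denied", None)

def get_acl(node, server_id):
    """Steps 54 to 57 with the Type B return: an inherited value is marked."""
    decision, _ = authorize(node, "Get", server_id)
    if decision == "denied":
        return ("failure", None)
    value, source = effective_acl(node)
    if source is not node:
        return ("success", "Inheritance:" + value)
    return ("success", value)

# Constructed sample tree: . -> NodeA -> NodeB (empty ACL) -> NodeC
ROOT = Node(".", "Add=ServerA&Get=ServerA&Replace=ServerA")
NODE_A = Node("NodeA", "Get=ServerB&Replace=ServerB", ROOT)
NODE_B = Node("NodeB", "", NODE_A)
NODE_C = Node("NodeC", "Get=ServerC", NODE_B)

if __name__ == "__main__":
    for server in ("ServerA", "ServerB", "ServerC"):
        print(server, "Delete on NodeC:", authorize(NODE_C, "Delete", server))
```

Because the second element of the result names the node whose ACL granted the right, the same function can feed an audit log showing which ancestor's Replace item a given command relied on.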

In a seventh embodiment, the present invention further provides a system for terminal device management based on right control. FIG. 8 is a schematic structural diagram of the system. As shown in FIG. 8, the system includes a DM server and a terminal device.

The DM server is configured to send a management command to the terminal device.

The terminal device is configured to receive a management command on a target node in a DMT from a DM server, judge whether the DM server has a direct right of executing the management command on the target node, then process the management command if the DM server has the direct right, judge whether the DM server has an indirect right of executing the management command on the target node if the DM server does not have the direct right, and process the management command if the DM server has the indirect right.

In an eighth embodiment, the present invention further provides a device for terminal device management based on right control. FIG. 9 is a schematic structural diagram of the device for terminal device management based on right control. As shown in FIG. 9, the device includes a management command receiving unit, a direct right judging unit, an indirect right judging unit, and a management command processing unit.

The management command receiving unit is configured to receive, from a DM server, a management command on a target node in a DMT.

The direct right judging unit is configured to judge whether the DM server has a direct right of executing the management command on the target node according to a property value of an ACL or a value of the ACL of the target node. If the DM server has the direct right of executing the management command on the target node, the management command processing unit performs a subsequent operation; if the DM server does not have the direct right of executing the management command on the target node, the indirect right judging unit processes subsequently. The specific judging manner is as described in the above embodiment of the method.

The indirect right judging unit is configured to judge whether the DM server has an indirect right of executing the management command on the target node. The specific judging manner is as described in the above embodiment of the method.

The management command processing unit is configured to process the management command. Specifically, when it is determined that the DM server has the direct right or indirect right of executing the management command on the target node, the management command is processed. The processing the management command is to execute a corresponding operation such as Add, Delete, Replace, Get, and Exec according to the management command received by the management command receiving unit.

Moreover, the indirect right judging unit may further include a level-by-level judging module. The level-by-level judging module is configured to judge level-by-level from the target node to the root node of the DMT whether a node, a Replace item in a value of an ACL of which includes an identifier of the DM server, exists; and determine that the DM server has the indirect right of executing the management command on the target node if the node exists.

Optionally, the indirect right judging unit may further include a parent node judging module. The parent node judging module is configured to judge whether the Replace item in the value of the ACL of the parent node of the target node includes an identifier of the DM server; and if the Replace item in the value of the ACL of the parent node of the target node includes the identifier of the DM server, determine that the DM server has the indirect right of executing the management command on the target node; if the Replace item in the value of the ACL of the parent node of the target node does not include the identifier of the DM server, return execution failure status information to the DM server.

The device may be integrally formed in a terminal device, or formed as an individual functional entity, and keep a connection relation with the terminal device.

Persons of ordinary skill in the art should understand that all or a part of the steps of the method according to the embodiments of the present invention may be implemented by a program instructing relevant hardware. The program may be stored in a computer readable storage medium. The storage medium may be a ROM/RAM, a magnetic disk, or an optical disk.

It can be seen from the technical solutions of the embodiments of the present invention that, firstly, a management command on a target node in a DMT from a DM server is received; and then it is judged whether the DM server has a direct right of executing the management command on the target node. If the DM server has the direct right, the management command is processed according to the direct right. If the DM server does not have the direct right, it is judged whether the DM server has an indirect right of executing the management command on the target node. If the DM server has the indirect right, the management command is processed according to the indirect right. In this manner, the capability of right speculation of a terminal device is enhanced. In other words, the terminal device is enabled to judge according to the indirect right whether a corresponding process can be performed, and the DM server does not need to replace a right level-by-level, so as to simplify the complexity of right management, and reduce the number of times of message interactions between the DM server and the terminal device, thereby improving the efficiency and performance of terminal device management.

In conclusion, the specific embodiments of the present invention can simplify the complexity of right management, reduce the number of times of message interactions between the DM server and the terminal device, and reduce the pressure on the DM server and the terminal device as well as the pressure on network transmission, so as to improve the efficiency and performance of terminal device management.

In conclusion, the above are merely some exemplary embodiments of the present invention. However, the scope of the present invention is not limited to these embodiments. Changes or replacements readily apparent to persons skilled in the art within the technical scope of the present invention should fall within the scope of the present invention. Therefore, the protection scope of the present invention is subject to the appended claims.

What is claimed is:
 1. A method for terminal device management comprising: receiving, from a device management server, a management command on a leaf node in a device management tree, wherein the device management server has no first direct right to execute the management command on the leaf node; determining that an ancestor node of the leaf node has an access control (ACL) property indicating that the device management server has a second direct right to execute the management command on the ancestor node; skipping endowing the device management server with a direct right to execute the management command on every managed node below the ancestor node till the leaf node; and executing the management command on the leaf node.
 2. The method according to claim 1, wherein the leaf node has no ACL property for indicating the first direct right, or a value of an ACL property of the leaf node is empty.
 3. The method according to claim 1, wherein an ACL property of the ancestor node comprises an identifier of the device management server.
 4. The method according to claim 1, wherein the management command corresponds to a reading operation on the leaf node or a writing operation on the leaf node.
 5. The method according claim 1, wherein skipping endowing the device management server with the direct right to execute the management command on every managed node below the ancestor node till the leaf node, comprises skipping changing any ACL property of the every managed node below the ancestor node till the leaf node.
 6. A terminal device comprising at least one processor, and one or more memories coupled to the at least one processor, wherein the one or more memories are configured to store non-transitory instructions, and wherein the at least one processor is configured to execute the non-transitory instructions to thereby cause the terminal device to: receive, from a device management server, a management command on a leaf node in a device management tree in the terminal device, wherein the device management server has no first direct right to execute the management command on the leaf node; determine that an ancestor node of the leaf node has an access control (ACL) property indicating that the device management server has a second direct right to execute the management command on the ancestor node; skip endowing the device management server with a direct right to execute the management command on every managed node below the ancestor node till the leaf node; and execute the management command on the leaf node.
 7. The terminal device according to claim 6, wherein the leaf node has no ACL property for indicating the first direct right, or a value of an ACL property of the leaf node is empty.
 8. The terminal device according to claim 6, wherein an ACL property of the ancestor node comprises an identifier of the device management server.
 9. The terminal device according to claim 6, wherein the management command corresponds to a reading operation on the leaf node or a writing operation on the leaf node.
 10. The terminal device according to claim 6, wherein the at least one processor is further configured to execute the non-transitory instructions to further cause the terminal device to skip changing any ACL property of the every managed node below the ancestor node till the leaf node.
 11. A method for terminal device management comprising: sending, by a device management server, a management command on a leaf node in a device management tree, wherein the device management server has no first direct right to execute the management command on the leaf node; receiving, from the device management server, the management command; determining that an ancestor node of the leaf node has an access control (ACL) property indicating that the device management server has a second direct right to execute the management command on the ancestor node; skipping endowing the device management server with a direct right to execute the management command on every managed node below the ancestor node till the leaf node; and executing the management command on the leaf node.
 12. The method according to claim 11, wherein the leaf node has no ACL property for indicating the first direct right, or a value of an ACL property of the leaf node is empty.
 13. The method according to claim 11, wherein an ACL property of the ancestor node comprises an identifier of the device management server.
 14. The method according to claim 11, wherein the management command corresponds to a reading operation on the leaf node or a writing operation on the leaf node.
 15. The method according to claim 11, wherein skipping endowing the device management server with the direct right to execute the management command on every managed node below the ancestor node till the leaf node, comprises skipping changing any ACL property of the every managed node below the ancestor node till the leaf node.
 16. A system for terminal device management comprising a device management server and a terminal device, wherein the device management server is configured to send to the terminal device a management command on a leaf node in a device management tree in the terminal device, wherein the device management server has no first direct right to execute the management command on the leaf node; the terminal device is configured to: receive, from the device management server, the management command; determine that an ancestor node of the leaf node has an access control (ACL) property indicating that the device management server has a second direct right to execute the management command on the ancestor node; skip endowing the device management server with a direct right to execute the management command on every managed node below the ancestor node till the leaf node; and execute the management command on the leaf node.
 17. The system according to claim 16, wherein the leaf node has no ACL property for indicating the first direct right, or a value of an ACL property of the leaf node is empty.
 18. The system according to claim 16, wherein an ACL property of the ancestor node comprises an identifier of the device management server.
 19. The system according to claim 16, wherein the management command corresponds to a reading operation on the leaf node or a writing operation on the leaf node.
 20. The system according to claim 20's parent claim 16, wherein the terminal device is further configured to skip changing any ACL property of the every managed node below the ancestor node till the leaf node.
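
The right resolution recited in the claims can be sketched as follows, for the case where the leaf node's ACL is empty. This is an added illustration, not code from the patent: the node names, the server identifiers, the `Command=Server+Server&...` ACL string syntax, and the rule that the nearest ancestor with a non-empty ACL decides are all assumptions.

```python
# Added illustration; names, ACL syntax and the "nearest non-empty ACL decides" rule are assumptions.
def parse_acl(acl):
    """'Get=ServerA+ServerB&Replace=ServerA' -> {'Get': {...}, 'Replace': {...}}"""
    rights = {}
    for clause in filter(None, acl.split("&")):
        command, _, servers = clause.partition("=")
        rights[command] = set(filter(None, servers.split("+")))
    return rights

class Node:
    def __init__(self, name, acl="", value=None, parent=None):
        self.name, self.acl, self.value, self.parent = name, acl, value, parent

    @property
    def uri(self):
        return self.name if self.parent is None else f"{self.parent.uri}/{self.name}"

def deciding_node(node, command, server_id):
    """Return the node whose ACL grants the right, or None if access is denied.

    Nodes with an empty ACL are skipped; the first non-empty ACL found while
    walking towards the root decides, so an explicit ACL is never bypassed
    by a more permissive node higher up.
    """
    current = node
    while current is not None:
        if current.acl:
            allowed = parse_acl(current.acl).get(command, set())
            return current if server_id in allowed or "*" in allowed else None
        current = current.parent
    return None

def execute(node, command, server_id, data=None):
    """Run Get or Replace on a node without writing to any ACL on the path."""
    if deciding_node(node, command, server_id) is None:
        raise PermissionError(f"{server_id} may not {command} {node.uri}")
    if command == "Get":
        return node.value
    if command == "Replace":
        node.value = data
        return data
    raise ValueError(f"unsupported command: {command}")

# Constructed sample tree: only the root and ./Vendor carry an ACL.
root = Node(".", acl="Get=*")
vendor = Node("Vendor", acl="Get=ServerA&Replace=ServerA", parent=root)
settings = Node("Settings", parent=vendor)
apn = Node("APN", value="internet", parent=settings)
```

Because no ACL is written during execution, a later change to the ancestor's ACL takes effect for the whole subtree at once, with no per-node grants left behind to revoke.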